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DETAILED ACTION 

1. Claims 1-42 have been presented for reconsideration in view of Applicant's arguments. 

Rgsmmse to Arguments 



2. Applicant's arguments filed on 1-16-2004 have been folly considered. The Examiner's 
response is as follows: 

2.1 Regarding the Applicant's response to the 35 U.S.C. 103(a) rejections of Claims 
L2, 4, 5, 8. 18 and 19: 

Applicant argued: 

Applicant teaches that it can be difficult to test 
vulnerabilities on the network itself. As noted on p, 1, lines 28-30, such 
tests can disrupt the network and may leave footprints such as event log 
entries and the like on scanned machines. Therefore, in contrast to 
Gleichauf, Applicant teaches the use of a separate simulator to identify and 
test vulnerabilities. 

The Examiner notes that the Applicant is referring to pages in Applicant's 
specification, while enabling the Applicant has not invoked the use of, means plus function, 
language as required in 35 U.S.C. 112 6^ paragraph. The Examiner asserts that the Applicant is 
attempting to read into the claimed limitations from the specification and that without the use of 
means plus function language that the Examiner is not required to grant any weight to the 
argument. The Examiner asserts that the cited reference teaches the claimed limitation in 
independent Claim 1 of, a circuit simulator coupled to the network configuration module to 
simulate and analyze networks based on the network configuration data, and that the Examiner's 
use of the cited reference is a reasonable interpretation of the current claimed limitations. 
Applicants argued: 



• 
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Ptacek then goes on to describe the language used to generate network 
traffic used to test the network for known vulnerabilities. Ptacek does not, 
therefore, describe a network simulation for analyzing attacks against a 
network, but instead describes a computer language for generating attacks 
against the network itself Since neither reference describes "a simulator 
coupled to the network configuration module to simulate and analyze networks 
based on the network configuration data" as described by Applicant and 
claimed in claims 1-8, claims 1 -8 are patentable over the cited references. 
Reconsideration of claims 1-8 is respectfully requested. Similarly, since 
neither reference describes "simulating the network based on the network 
configuration" or "determining vulnerabilities of the simulated network using 
the vulnerability information stored in the database" as described by 
Applicant and claimed in claims 18-27, claims 18-27 are patentable over the 
cited references. Reconsideration of claims 18-27 is respectfully requested. 



The Examiner asserts that, in Column 3 Lines 24-43 the Ptack et al reference U.S. Patent 
6,343,362 teaches, the facilitating simulation of an attack against a computer network, which is 
at the core of Applicant's claimed limitations. The Examiner notes that the use of Network 
simulators are known in the art, and that a reasonable interpretation of the claim language would 
be that the simulation module, as claimed in the independent claims, is for simulation of an 
attack and therefore reads on the teachings of the Ptack et al reference. 

Applicant argued: 

Similarly, since neither reference describes "simulating the network 
based on the network configuration" or "determining vulnerabilities of the 
simulated network using the vulnerability information stored in the database" 

The Examiner notes that the Gleichauf et al reference U.S. Patent 6,282,546, teaches 
vulnerability information stored in a database (Figure 2 Item 28), however, the Examiner notes 
that the provided references do NOT expressly teach the use of a network simulator. For that 
express reason, the Examiner withdraws the earlier 35 U.S.C. 103(a) rejections of Claims 1, 2, 4, 



2.2 Regarding the Applicants response to the 35 U.S.C. 103ra) rejections of Claims 3 



5, 8, 18 and 19. 



and 6: 



m 
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Applicant argued: 

While G2 does describe the use of a database, he does not describe the 
use of a simulator having a network vulnerabilities database used to simulate 
and analyze networks based on the network configuration data as describe by 
Applicant and claimed in claims 3 and 6. Reconsideration of claims 3 and 6 is 
respectfully requested. 



that the G2 reference was not relied upon to reject all of the limitations in Claims 3 and 6. In 
response to applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

2.3 Regarding Applicant's response to the 35 U.S.C. 103 rejection of Claim 7: 

Applicant argued: 
The M.P.E.P. adopts this line of reasoning, stating that 

In order for the Examiner to establish a prima facie case of obviousness, 
three base criteria must be met. First, there must be some suggestion or 
motivation, either in the references themselves or in the knowledge generally 
available to one of ordinary skill in the art, to modify the reference or to 
combine reference teachings. 



Applicant notes that, even if, for argument's sake. Sparks describes an 
attacker and a defender in the context of an Internet -based game, there is no 
teaching or motivation in any of the cited references to create an 
environment where an attacker can attack a computer network through a 
simulation of that network and a defender defend that same simulated network. 
Applicant respectfully submits that the Office Action relied on the 
Applicant's disclosure and/or impermissible hindsight in forming the 
rejection of claim 7 over the cited references. As such, Applicant 
respectfully requests that this rejection be withdrawn. 



The Applicant is applying a piecemeal analysis of the Examiner's rejections in 



AND... 
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The Examiner notes the following line from the Applicant's arguments, or in the 
knowledge generally available to one of ordinary skill in the art, to modify the reference or to 
combine reference teachings,., and Sparks describes an attacker and a defender in the context of 
an Internet-based game. The Examiner assets that an artisan of ordinary skill, would have known 
about network simulators, further the Examiner asserts that an Intemet game for simulating 
breaking into a network is, like so many computer games, a simulation. The Examiner fails to 
understand why an artisan would not be aware of the large proHferation of on-line games, those 
games relationship to simulations and the use of attackers and defenders in simulations. The 
Examiner asserts that the idea of an attacker and a defender in a simulation has been in existence 
and used by the military since before the 1980's and an artisan of ordinary skill, faced with the 
complexity of the types of attacks that can be leveled against a computer network, would have 
quickly realized the need to provide a mechanism whereby a human opponent can be added to 
the simulation for the purpose of realistically depicting the current threats. Humans have always 
been the most challenging opponents, despite the emergence of Artificial Intelligence and expert 
systems; the need for human opponents has become essential The Examiner notes that the 
military provides mechanisms for human attackers and defenders in combat simulations, the 
Examiner further notes that the military has identified that network centric warfare is now a top 
National Security priority and therefore an artisan that developed that original combat simulators 
would have also been motivated to develop network simulations with attackers and defenders 
because of the requirement to simulate what actual future network warfare will actually be like. 
Applicant's arguments are persuasive in that the limitation of a network simulator was not taught 
in the original references and therefore the original rejection of claim 7 is withdrawn. 
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2.3 Regarding Applicants response to the rejections of Claims 21, 22, 23 and 26: 
Applicant's argued: 

Jackson describes a card game based on the Illuminati system. The 
card game uses hacker terminology to create a game in which players try to 
game access to one or more cards representing computer systems. It's the 
Examiner's position that Jackson discloses mission objectives when he states 
that a player wins by gaining access to a given number of systems. The game 
described by Jackson builds a network during game play by laying cards down 
'in a domino-like manner. There is no "simulating the network based on the 
network configuration" or "determining vulnerabilities of the simulated 
network using the vulnerability information stored in the database" as 
described by Applicant and claimed in claims 21, 22, 23 and 26, Furthermore, 
there is no "simulating the network based on the network configuration and 
mission objectives." Reconsideration of claims 21, 22, 23 and 26 is 
respectfully requested. 

The Examiner notes that Applicant is doing a piecemeal analysis of the claims 
and not taking into account that the Gleichauf et al and the Ptacek et al references where relied 
upon to teach claim limitations that the Jackson reference was not required to teach. In response 
to applicant's arguments against the references individually, one cannot show nonobviousness by 
attacking references individually where the rejections are based on combinations of references. 
See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 
231 USPQ 375 (Fed. Cir. 1986). The Examiner further notes, that the Jackson reference further 
supports the notion that a game is a simulation and that, in this case the simulation (game) relates 
to an attack on a computer network, with an attacker and a defender. 

2.4 Regarding all of the Applicant's responses to the art rejections of Claims 1-42 
under 35 U.S.C. 103(aV 

Applicants have argued that the primary references used to reject all of the independent 
Claims are deficient in that theses references do not expressly teach a network simulator. The 



Examiner has found Applicant's arguments to be persuasive in that the current rejections of 
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claims 1-42 are deficient in that the claimed limitation of the Network Simulator is not expressly 
disclosed by the current prior art being used for the rejections. The Examiner withdraws the 35 
U.S.C. 103(a) rejections of Claims 1-42. 

2,5 Regarding Applicant's observation that there is no rejection of dependent Claim 



The Examiner thanks the Applicant for pointing out the Examiner's error of 
omission and the Examiner has provided a remedy in this NON-FINAL action. 

A review of the prior art of record has revealed a reference that teaches the limitation of 
using a network simulation for the purpose of testing a network for vulnerability. 



The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

3. Independent Claims 1 and 18 and dependent Claims 2, 4, 5, 8 and 19 are rejected under 
35 U.S.C 103(a) as being unpatentable over Gleichauf et aL U.S. Patent 6,324,656 in view of 
Ptacek et al. U.S. Patent 6,343,362 and in further view of "A GSM Simulation Platform for 
Intrusion Detection" by Didier Samfat, Veronique Devernay and Christian Bonnet 

hereafter referred to as the Samfate et al. reference. 



39: 



Claim Rejections - 35 IJSC § J 0.1 
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3.1 As regards independent Claims 1 and 18 the Gleichauf et al reference discloses 
a security modeling system (CoL 2 Lines 47-50, CoL 4 Lines 20-43), a network configuration 
module having network configuration data (CoL 4 Lines 9-19 Figure 2, CoL 5 Lines 14-26), a 
computer implemented method of analyzing networks based on the network configuration data 
where the software includes a network vulnerabilities database where the network vulnerabilities 
database includes, a plurality of known network vulnerabilities where each network vulnerability 
includes a service to which it applies, defense conditions that might close the vulnerability, and 
resource and state conditions needed to exercise the vulnerability, (Figures 1-5, Figure 5 
ITEMS 26 and 126, CoL 6 Lines 21-25, CoL 7 Lines 5-54). 

However, the Gleichauf et al reference does not expressly disclose a network simulation 
for analyzing attacks against a network. 

The Ptacek et al reference discloses a network simulation for analyzing attacks against a 
network (CoL 3 Lines 24-43). 

It would have been obvious, at the time of the invention, to have modified the Gleichauf 
et al reference with the Ptacek et al reference because, (motivation to combine) the Ptacek et 
al reference discloses a method of simulating attacks on a network and provides a means to test 
the vulnerability of an proposed network configuration against different types of attacks without 
exposing that network to an actual attack. 

However, the Gleichauf et al reference does not expressly disclose a network 
simulation. 

The Samfate et al reference discloses a network simulator (page 766). 
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It would have been obvious, to one of ordinary skill in the art, at the time the invention 
was made, to have combined the Network vulnerability database of the Gleichauf et al 
reference with the network simulator of the Samfate et al reference because, by being able to 
exactly repeat the manner in which the network behaves as the attack takes place, software 
counter measures can be tested, and then retested in an environment where the same conditions 
can be repeated when debugging the counter measure software {Samfate et aL page 766). 

3.2 As regards dependent Claim 2 the Gleichauf et al reference discloses a database, 
including network vulnerability and exploitation data and attack data (Figure 2 ITEM 80, 
Figure 3A ITEM 98, Figure 3B, 4 and 5, Col. 4 Lines 9-19, Col. 8 Lines 13-25). 

3.3 As regards dependent Claims 4 and 19 the Gleichauf et al reference discloses a 
network configuration discovery tool (Figure 3A, ITEMS 90 and 92, CoL 2 Lines 6-15). 

3.4 As regards dependent Claim 5 the Gleichauf et al reference does not expressly 
disclose a Graphical User Interface. 

The Ptacek et al reference discloses a Graphical User Interface (Figure 2A, 
ITEM 260, Col. 4 Lines 59-67, CoL 5 Lines 1-9). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Ptacek et al reference 
because, (motivation to combine) a Graphical User Interface provides an easy to use method of 
user interaction with a computer program that does not require the user to memorize large 
amounts of command line interface commands to perform useful tasks. 

3.5 As regards dependent Claim 8 the Gleichauf et al reference discloses a portable 
modeling system (Figure 1 ITEMS 20, 22, 24 and 26). 
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4. Dependent Claims 3 and 6 are rejected under 35 U.S.C 103(a) as being unpatentable 
over Gleichauf et aL U.S. Patent 6,324,656 in view of Ftacek et al. U.S- Patent 6,343,362 and 
in further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al 
reference and in further view of Gleichauf et al. U.S. Patent 6,282,546 hereafter referred to as 
the G2 reference. 

4.1 As regards independent Claim 1 see paragraph 3. 1 above. 

4.2 As regards dependent Claim 2 see paragraph 3.2 above. 

4.3 As regards dependent Claim 3 the Gleichauf et aL reference does not expressly 
disclose database tables. 

The 02 reference discloses database tables (Figure 3B and 3C). 

It would have been obvious to combine the Gleichauf et al. reference with the G2 
reference because, the Gleichauf et al. reference specifically points the reader to the G2 
reference in (Col. 8 Lines 12-25) when discussing another embodiment of the invention 
disclosed in the Gleichauf et al. reference. 

4.4 As regards dependent Claim 6 the Gleichauf et aL reference does not expressly 
disclose receiving the network vulnerability, attack and exploitation data. 

The G2 reference discloses receiving updated network vulnerability, attack and 
exploitation data (Figure 1 ITEMS 18 and 16). 

It would have been obvious to combine the Gleichauf et aL reference with the G2 
reference because, the Gleichauf et aL reference specifically points the reader to the G2 
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reference in (Col. 8 Lines 12-25) when discussing another embodiment of the invention 
disclosed in the Gleichauf et al reference. 

5. Dependent Claim 7 is rejected under 35 U.S. C. 103(a) as being unpatentable over 
Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 6,343,362 and in 
further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al. 
reference and in further view of Sparks, n U.S. Patent 6,352,479. 

5.1 As regards independent Claim 1 see paragraph 3. 1 above. 

5.2 As regards dependent Claim 7 the Gleichauf et al. reference does not expressly 
disclose a simulator with an attacker and a defender user interface. 

The Sparks //reference discloses an attacker and a defender user interface (Figure 3). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al. reference with the Sparks II reference because, 
(motivation to combine) by supporting multiple players using a network and graphical user 
interfaces, complex and real-time interaction between an attacker and a defender can be achieved 
over great distances using a network, like the internet, where two people do not have to be in the 
same geographic location to play against each other in a simulation or a game (Sparks IIj CoL 1 
Lines 50-65). 

6. Independent Claim 9 is being rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 6,343,362 and in 
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further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al 
reference and in further view of Sparks, n U.S. Patent 6,352,479. 

6.1 As regards independent Claim 9 the Gleichauf et al reference discloses a 
network configuration module (Col. 4 Lines 9-19 Figure 2, Col. 5 Lines 14-26), a computer 
implemented method of analyzing networks based on the network configuration data where the 
software includes a network vulnerabilities database where the network vulnerabilities database 
includes, a plurality of known network vulnerabilities where each network vulnerability includes 
a service to which it applies, defense conditions that might close the vulnerability, and resource 
and state conditions needed to exercise the vulnerability, (Figures 1-5, Figure 5 ITEMS 26 and 
126, Col. 6 Lines 21-25, Col. 7 Lines 5-54). 

However, the Gleichauf et al reference does not expressly disclose a network simulation 
or a computer game. 

The Ptacek et al reference discloses a network simulation for analyzing attacks against a 
network (Col. 3 Lines 24-43). 

It would have been obvious, at the time of the invention, to have modified the Gleichauf 
et al reference with the Ptacek et al reference because, (motivation to combine) the Ptacek et 
al reference discloses a method of simulating attacks on a network and provides a means to test 
the vulnerability of an proposed network configuration against different types of attacks without 
exposing that network to an actual attack. 

The Sparks //reference discloses a computer game (Figures 1-12). 
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It would have been obvious, to one of ordinary skill in the art, to have combined the 
Gleichauf et al. reference with the Sparks II reference because, (motivation to combine) by 
playing a game using the game server disclosed in the Sparks II reference the player is able to be 
handicapped in a manner to determine the current level of skill and this is useful in determining 
if that particular individual is ready for operating at a particular skill level. In the manner 
described a computer security expert could determine if a particular person is qualified to receive 
a certification for a particular job protecting a computer network (Sparks II, Figure 12). 

7. Independent Claim 10 and dependent Claims 11, 13, 14 and 16 are being rejected under 
35 U.S.C. 103(a) as being unpatentable over Gleichauf et al. U-S. Patent 6,324,656 in view of 
Ptacek et al. U.S. Patent 6,343,362 and in further view of "A GSM Simulation Platform for 
Intrusion Detection'' by Didier Samfat, Veronique Devernay and Christian Bonnet 
hereafter referred to as the Samfate et al reference and in further view of Bergman et al. U.S. 
Patent 6,422,694 and in further view of Smith, Jr. U.S. Patent 5,662,478. 

7.1 As regards independent Claim 10 the Gleichauf et al reference discloses a 
security modeling system (Col. 2 Lines 47-50, Col. 4 Lines 20-43), a network configuration 
module having network configuration data (Col. 4 Lines 9-19 Figure 2, CoL 5 Lines 14-26), a 
computer implemented method of analyzing networks based on the network configuration data 
where the software includes a network vulnerabilities database where the network vulnerabilities 
database includes, a plurality of known network vulnerabilities (Figures 1-5, Figure 5 ITEMS 
26 and 126, CoL 6 Lines 21-25, CoL 7 Lines 5-54). 
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However, the Gleichauf et al reference does not expressly disclose a network simulation 
or a mission objectives module coupled to the simulator used to determine network components 
that are involved in a specific attack scenario. 

The Ptacek et al reference discloses a network simulation for analyzing attacks against a 
network (Col. 3 Lines 24-43). 

It would have been obvious, at the time of the invention, to have modified the Gleichauf 
et al reference with the Ptacek et al reference because, (motivation to combine) the Ptacek et 
al reference discloses a method of simulating attacks on a network and provides a means to test 
the vulnerability of an proposed network configuration against different types of attacks without 
exposing that network to an actual attack. 

However, the Gleichauf et al reference does not expressly disclose a network 
simulation. 

The Samfate et al reference discloses a network simulator (page 766). 

It would have been obvious, to one of ordinary skill in the art, at the time the invention 
was made, to have combined the Network vulnerability database of the Gleichauf et al 
reference with the network simulator of the Samfate et al reference because, by being able to 
exactly repeat the manner in which the network behaves as the attack takes place, software 
counter measures can be tested, and then retested in an environment where the same conditions 
can be repeated when debugging the counter measure software (Samfate et aL page 766). 

The Bergmann et al reference discloses determining network components that are 
involved in a specific attack scenario (Figures 9-14, CoL 2 Lines 6-19). 
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It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Bergmann et al reference 
because (motivation to combine) the Bergmann et al. reference discloses that it is critical that the 
nodes where the attack originates be located or the attack will spread (Bergmann et al. Col. 2 
Lines 6-9). 

The Smith Jr. reference discloses mission objectives (Col. 4 Lines 16-25). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al. reference with the Smith, Jr. reference because 
(motivation to combine) the Smith Jr. reference discloses a method of reducing the time required 
to lead a group through a creative brain storming process which results in more cost effective 
results (Smith Jr. CoL 1 Lines 30-34). 

7.2 As regards dependent Claim 11 the Gleichauf et al reference discloses a 
database, including network vulnerability and exploitation data and attack data (Figure 2 ITEM 
80, Figure 3A ITEM 98, Figure 3B, 4 and 5, CoL 4 Lines 9-19, CoL 8 Lines 13-25). 

7.3 As regards dependent Claim 13 the Gleichauf et al. reference does not expressly 
disclose a Graphical User Interface. 

The Ptacek et al reference discloses a Graphical User Interface (Figure 2 A, 
ITEM 260, CoL 4 Lines 59-67, CoL 5 Lines 1-9). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Ptacek et al. reference 
because, (motivation to combine) a Graphical User Interface provides an easy to use method of 
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user interaction with a computer program that does not require the user to memorize large 
amounts of command line interface commands to perform useful tasks. 

7.4 As regards dependent Claim 14 the Gleichauf et al reference discloses goals, 
expectations and constraints (CoL 1 Lines 1-67, CoL 2 Lines 1-65). 

7.5 As regards dependent Claim 16 the Gleichauf et al reference discloses a portable 
modeling system (Figure 1 ITEMS 20, 22, 24 and 26). 

8. Dependent Claims 12 and 15 are being rejected under 35 U.S.C. 103(a) as being 
unpatentable over Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 
6,343,362 and in further view of "A GSM Simulation Platform for Intrusion Detection" by 
Didier Samfat, Veronique Devernay and Christian Bonnet hereafter referred to as the 
Samfate et al reference and in further view of Bergman et al. U.S. Patent 6,422,694 and in 
further view of Smith, Jr. U.S. Patent 5,662,478 and in further view of Gleichauf et al. U.S. 
Patent 6,282,546 hereafter referred to as the 02 reference, 

8.1 As regards independent Claim 10 see the rejection in paragraph 7. 1 above. 

8.2 As regards dependent Claim 12 the Gleichauf et al reference does not expressly 
disclose database tables. 

The G2 reference discloses database tables (Figure 3B and 3C). 

It would have been obvious to combine the Gleichauf et al reference with the G2 
reference because, the Gleichauf et al reference specifically points the reader to the G2 
reference in (Col. 8 Lines 12-25) when discussing another embodiment of the invention 
disclosed in the Gleichauf et al reference. 
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8.3 As regards dependent Claim 15 the Gleichauf et al reference does not expressly 
disclose receiving the network vulnerabihty, attack and exploitation data. 

The G2 reference discloses receiving updated network vulnerability, attack and 
exploitation data (Figure 1 ITEMS 18 and 16). 

It would have been obvious to combine the Gleichauf et al reference with the G2 
reference because, the Gleichauf et al reference specifically points the reader to the G2 
reference in (CoL 8 Lines 12-25) when discussing another embodiment of the invention 
disclosed in the Gleichauf et al reference. 

9. Dependent Claim 17 is rejected under 35 U.S. C. 103(a) as being unpatentable over 
Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 6,343,362 and in 
further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al 
reference and in further view of Bergman et al. U.S. Patent 6,422,694 and in further view of 
Smith, Jr. U.S. Patent 5,662,478 and in further view of Sparks, H U.S. Patent 6,352,479. 

9.1 As regards independent Claim 10 see paragraph 7. 1 above. 

9.2 As regards dependent Claim 7 the Gleichauf et al reference does not expressly 
disclose a simulator with an attacker and a defender user interface. 

The Sparks //reference discloses an attacker and a defender user interface (Figure 3). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Sparks II reference because, 
(motivation to combine) by supporting muhiple players using a network and graphical user 



Application/Control Number: 09/483 , 1 27 Page 1 8 

Art Unit: 2123 

interfaces, complex and real-time interaction between an attacker and a defender can be achived 
over great distances using a network, like the internet, where two people do not have to be in the 
same geographic location to play against each other in a simulation or a game (Sparks II, CoL 1 
Lines 50-65). 

10. Dependent Claim 20 is rejected under 35 U.S.C 103(a) as being unpatentable over 
Gleichauf et al. U.S- Patent 6,324,656 in view of Ptacek et al. U.S. Patent 6,343,362 and in 
further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al. 
reference and in further view of Ballard et al. U.S. Patent 4,937,825. 

10.1 As regards independent Claim 18 see paragraph 3.1 above. 

10.2 As regards dependent Claim 20 the Gleichauf et al reference does not expressly 
disclose network configuration files. 

The Ballard et al. reference discloses network configuration files (Col. 2 Lines 

10-53). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Ballard et al. reference 
because (motivation to combine) the Ballard et al reference discloses a method and apparatus 
for isolating and diagnosing problems in a data communications network (Col. 1 Lines 58-68), 
an artisan would be drawn to this teaching because it shows how to monitor and document the 
configuration of a data network which saves time and effort when trying to fix a problem. 
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11, Dependent Claims 21, 22, 23 and 26 are rejected under 35 U.S.C 103(a) as being 
unpatentable over Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 
6,343,362 and in further view of "A GSM Simulation Platform for Intrusion Detection" by 
Didier Samfat, Veronique Devernay and Christian Bonnet hereafter referred to as the 
Samfate et al reference and in further view of "HACKER, The Computer Crime Card 
Game", by Steve Jackson hereafter referred to as the Jackson reference. 

11.1 As regards independent Claim 18, see paragraph 3.1 above. 

11.2 As regards dependent Claim 21, the Gleichauf et al reference does not expressly 
disclose mission objectives. 

The Jackson reference discloses mission objectives (Page 7 "WINNEVG THE 

GAME"). 

It would have been obvious, to one of ordinary skill in the art, to have modified the 
Gleichauf et al reference with the Jackson reference because, (motivation to combine) modeling 
a computer network and pretending to hack into that network are activities that people Uke to do, 
as shown in the Jackson reference (Page 1, INTRODUCTION). 

11.3 As regards dependent Claim 22, the Gleichauf et al reference does not expressly 
disclose a Graphical User Interface. 

The Ptacek et al reference discloses a Graphical User Interface (Figure 2A, 
ITEM 260, Col. 4 Lines 59-67, CoL 5 Lines 1-9). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Ptacek et al reference 
because, (motivation to combine) a Graphical User Interface provides an easy to use method of 
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user interaction with a computer program that does not require the user to memorize large 
amounts of command line interface commands to perform useful tasks. 

11.4 As regards dependent Claim 23, the Gleichauf et al reference does not expressly 
disclose dynamically interacting with an attacker. 

The Jackson reference discloses interacting with an attacker (Pages 2-7). 

It would have been obvious, to one of ordinary skill in the art, to have modified 
the Gleichauf et al reference with the Jackson reference because, (motivation to combine) 
modeling a computer network and pretending to hack into that network are activities that people 
like to do, as shown in the Jackson reference (Page 1, INTRODUCTION). 

11.5 As regards dependent Claim 26 the Gleichauf et al reference does not expressly 
disclose a score. 

The Jackson reference discloses a score (Page 7, WINNING THE GAME). 

It would have been obvious, to one of ordinary skill in the art, to have modified the 
Gleichauf et al reference with the Jackson reference because, (motivation to combine) modeling 
a computer network and pretending to hack into that network are activities that people like to do, 
as shown in the Jackson reference (Page 1, INTRODUCTION). 

12. Dependent Claims 23, 24 and 25 are rejected under 35 U.S.C 103(a) as being 
unpatentable over Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 
6,343,362 and in further view of "A GSM Simulation Platform for Intrusion Detection" by 
Didier Samfat, Veronique Devernay and Christian Bonnet hereafter referred to as the 
Samfate et al reference and in further view of "HACKER, The Computer Crime Card 



Application/Control Number: 09/483, 1 27 Page 2 1 

Art Unit: 2123 

Game", by Steve Jackson herafter referred to as the Jackson reference and in further view of 
Kurtzberg et al. U.S. Patent 5,961,644. 

12.1 As regards independent Claim 18, see paragraph 3.1 above. 

12.2 As regards dependent Claim 21, see paragraph 1 1.2 above. 

12.3 As regards dependent Claim 22, see paragraph 1 1.3 above. 

12.4 As regards dependent Claim 23, the Gleichauf et al. reference does not expressly 
disclose dynamically interacting with an attacker. 

The Kurtzberg et al reference discloses dynamically interacting with an attacker 
(Figure 6, Col. 3 Lines 20-67, Col. 4 Lines 1-15). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Kurtzberg et al reference 
because, (motivation to combine) attack simulations allow for testing of network security 
mechanisms and training of security systems administrators (Kurtzberg et al. Col. 1 Lines 5- 
67). 

12.5 As regards dependent Claims 24 and 25 the Gleichauf et al reference does not 
expressly disclose interacting in real time with a security modeling system. 

The Kurtzberg et al reference discloses interacting in real time with a security modeling 
system (Figure 6, Col. 3 Lines 20-67, Col. 4 Lines 1-15). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Kurtzberg et al reference 
because, (motivation to combine) attack simulations allow for testing of network security 
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mechanisms and training of security systems administrators (Kurtzberg et aL CoL 1 Lines 5- 
67). 

13. Dependent Claim 27 is rejected under 35 U.S.C 103(a) as being unpatentable over 
Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. Patent 6,343,362 and in 
further view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al. 
reference and in further view of "HACKER, The Computer Crime Card Game", by Steve 
Jackson hereafter referred to as the Jackson reference and in further view of Gleichauf et al. 
U.S. Patent 6,282,546 hereafter referred to as the G2 reference. 

13.1 As regards independent Claim 18, see paragraph 3. 1 above. 

13.2 As regards dependent Claim 21, see paragraph 1 1.2 above. 

13.3 As regards dependent Claim 27 the Gleichauf et al reference does not expressly 
disclose updating the vulnerabilities data base. 

The 02 reference discloses receiving updated network vulnerability, attack and 
exploitation data (Figure 1 ITEMS 18 and 16). 

It would have been obvious to combine the Gleichauf et al reference with the G2 
reference because, the Gleichauf et al reference specifically points the reader to the G2 
reference in (Col. 8 Lines 12-25) when discussing another embodiment of the invention 
disclosed in the Gleichauf et al reference. 
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14. Independent Claim 28 and dependent Claims 29 and 30 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Gleichauf et aL U.S. Patent 6,324,656 in view of "Simulated 
Attack for Real Network Security" by Johna Till Johnson, hereafter referred to as the 
Johnson reference, and in further view of "A GSM Simulation Platform for Intrusion 
Detection" by Didier Samfat, Veronique Devernay and Christian Bonnet hereafter referred 
to as the Samfate et al reference and in further view of Kurtzberg et al. U.S. Patent 5,961,644 
and in further view of "HACKER, The Computer Crime Card Game*', by Steve Jackson 
hereafter referred to as the Jackson reference. 

14.1 As regards independent Claim 28 the Gleichauf et al. reference discloses a 
method of opposing network attackers (Figure 1, ITEMS 40, 42, 44 and 46, Figure 2 ITEM 
80, Col. 1 Lines 10-21), receiving a network configuration comprising hardware and software 
component information (Figure 2, note device type [hardware] and services [software], Col. 4 
Lines 20-42, Col. 5 Lines 14-26), determining results as a function of network configuration, 
and stored vulnerability data for the described computer hardware and software components 
(Figure 1 Item 26, Figures 3A-5, Col. 8 Lines 12-25). 

However, the Gleichauf et al reference does not expressly disclose; simulated 
network attacks, mission objectives, receiving commands from a network attacker and 
responding to the attack. 

The Johnson reference discloses a simulated network attack (Pages 31-32). 

It would have been obvious, to one of ordinary skill in the at, at the time of the 
invention, to have modified the Gleichauf et al reference with the Johnson reference because, 
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(motivation to combine) the Johnson reference discloses a good method for preventing 
unauthorized access to a data network (Johnson page 31-32). 

However, the Gleichauf et al reference does not expressly disclose a network 

simulation. 

The Samfate et al reference discloses a network simulator (page 766). 

It would have been obvious, to one of ordinary skill in the art, at the time the invention 
was made, to have combined the Network vulnerability database of the Gleichauf et al 
reference with the network simulator of the Samfate et al reference because, by being able to 
exactly repeat the manner in which the network behaves as the attack takes place, software 
counter measures can be tested, and then retested in an environment where the same conditions 
can be repeated when debugging the counter measure software {Samfate et aL page 766). 

The Kurtzberg et al reference discloses receiving commands from a network 
attacker (Figure 6, CoL 3Lines 20-28), and responding to the attack (Col. 3 Lines 40-67, Col. 4 
Lines 1-15). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Kurtzberg et al reference 
because, (motivation to combine) attack simulations allow for testing of network security 
mechanisms and training of security systems administrators (Kurtzberg et al. Col. 1 Lines 5- 
67). 

The Jackson reference discloses mission objectives (Page 7 WINNING THE GAME). 
It would have been obvious, to one of ordinary skill in the art, to have modified the 
Gleichauf et al reference with the Jackson reference because, (motivation to combine) modehng 
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a computer network and pretending to hack into that network are activities that people like to do, 
as shown in the Jackson reference (Page 1, INTRODUCTION). 

14.2 As regards dependent Claim 29 the Gleichauf et al reference does not expressly 
disclose defender commands. 

The Kurtzberg et al. reference discloses defender commands (Figure 6, YES result). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Kurtzberg et al reference 
because, (motivation to combine) attack simulations allow for testing of network security 
mechanisms and training of security systems administrators (Kurtzberg et al. Col. 1 Lines 5- 
67). 

14.3 As regards dependent Claim 30 the Gleichauf et al reference does not expressly 
disclose receiving critical resource information. 

The Johnson reference discloses critical resource information (Page 31, specified set of 
IP addresses). 

It would have been obvious, to one of ordinary skill in the at, at the time of the invention, 
to have modified the Gleichauf et al reference with the Johnson reference because, (motivation 
to combine) the Johnson reference discloses a good method for preventing unauthorized access 
to a data network (Johnson page 31-32). 

15. Dependent Claims 31-33 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gleichauf et al. U.S. Patent 6,324,656 in view of "Simulated Attack for Real Network 
Security" by Johna Till Johnson, hereafter referred to as the Johnson reference, and in further 
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view of "A GSM Simulation Platform for Intrusion Detection" by Didier Samfat, 
Veronique Devernay and Christian Bonnet hereafter referred to as the Samfate et al. 
reference and in further view of Kurtzberg et aL U.S. Patent 5,961,644 and in further view of 
"HACKER, The Computer Crime Card Game", by Steve Jackson hereafter referred to as 
the Jackson reference and in fiirther view of Porras et al. U.S. Patent 6,321,338. 

15.1 As regards independent Claim 28 see paragraph 14. 1 above. 

15.2 As regards dependent Claim 31 the Gleichauf et al reference does not expressly 
disclose a graphical user interface. 

The Porras et al. reference discloses a GUI (Figure 5 Items 54, 50 and 58, Col. 
14 Lines 50-58). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et aL reference with the Porras et al. reference 
because (motivation to combine) the ability to do statistical analysis on packet usage allows for 
detection of subtle network intrusions not easily detectable using non-statistical means (Porras 
et al. Col. 1 Lines 42-54). 

15.3 As regards dependent Claim 32 the Gleichauf et al reference does not expressly 
discloses a security score. 

The Porras et al reference discloses a security score (Col. 11 Lines 57-67, Col. 

12 Lines 1-6). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Porras et al. reference 
because (motivation to combine) the ability to do statistical analysis on packet usage allows for 
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detection of subtle network intrusions not easily detectable using non-statistical means (Porras 
et al. Col. 1 Lines 42-54). 

15.4 As regards dependent Claim 33 the Gleichauf et al reference does not expressly 
disclose receiving attack commands that change services or nodes and that exploit 
vulnerabilities. 

The Kurtzberg et al reference discloses receiving attack commands that change services 
or nodes and that exploit vulnerabilities (Figure 6, Col. 3 Lines 40-67, CoL 4 Lines 1-15). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Gleichauf et al reference with the Kurtzberg et al reference 
because, (motivation to combine) attack simulations allow for testing of network security 
mechanisms and training of security systems administrators (Kurtzberg et al. Col. 1 Lines 5- 
67). 



16. Independent Claims 34 and 40 and dependent Claims 35-38, 41 and 42 are being 
rejected under 35 U.S.C. 103(a) as being unpatentable over ^^Simulated Attack for Real 
Network Security" by Johna Till Johnson, hereafter referred to as the Johnson reference in 
view of Porras et al. U.S. Patent 6,321,338 and in further view of "A GSM Simulation 
Platform for Intrusion Detection" by Didier Samfat, Veronique Devernay and Christian 
Bonnet hereafter referred to as the Samfate et al reference and in further view of Gleichauf et 
al. U.S. Patent 6,282,546. 
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16.1 As regards independent Claims 34 and 40 the Johnson reference discloses a 
security modeling system for simulating networks and to determine network components that are 
involved in a specific attack scenario including configuration data (Pages 31-32). 

However, the Johnson reference does not expressly disclose, a plurality of data 
bases including mission objective tables, vulnerability tables and network configuration tables as 
well as a graphical user interface. 

The Gleichauf et al reference discloses a plurality of data bases including mission 
objective tables, vulnerability tables and network configuration tables (Figure 1, Figures 3 A, 
3B, 3C, 3D,) and configuration tables (TABLE 1 CoL 5 Lines 45-53). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Gleichauf et al reference because, 
(motivation to combine) organizing data into tables is well known in the art and the Gleichauf et 
al reference discloses good methods of organizing data related to Network Security 
Vulnerability testing in such a manner that allows for flexibility and efficiency {Gleichauf et al 
Col. 1 Lines 58-63). 

The Porras et al reference discloses the use of a Graphical User Interface (CoL 
14 Lines 51-58), 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Porras et al reference because, 
(motivation to combine) a Graphical User Interface provides an easy to use method of user 
interaction with a computer program that does not require the user to memorize large amounts of 
command line interface commands to perform useful tasks. 
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However, the Johnson reference does not expressly disclose a network simulation. 

The Samfate et al reference discloses a network simulator (page 766). 

It would have been obvious, to one of ordinary skill in the art, at the time the invention 
was made, to have combined the Johnson reference with the network simulator of the Samfate et 
al reference because, by being able to exactly repeat the manner in which the network behaves 
as the attack takes place, software counter measures can be tested, and then retested in an 
environment where the same conditions can be repeated when debugging the counter measure 
software {Samfate et aL page 766). 

16.2 As regards dependent Claims 35 and 41 the Johnson reference does not expressly 
disclose mission tables or files. 

The Gleichauf et al reference discloses a plurality of data bases including mission 
objective tables, vulnerability tables and network configuration tables (Figure 1, Figures 3 A, 
3B, 3C, 3D,) and configuration tables (TABLE 1 Col. 5 Lines 45-53). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Gleichauf et al reference because, 
(motivation to combine) organizing data into tables is well known in the art and the Gleichauf et 
al reference discloses good methods of organizing data related to Network Security 
Vulnerability testing in such a manner that allows for flexibility and efficiency {Gleichauf et al 
Col. 1 Lines 58-63). 

16.3 As regards dependent Claim 36 the Johnson reference does not expressly disclose 
service tables. 

The Gleichauf et al reference discloses a service table (Figure 5B). 
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It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Gleichauf et al reference because 
(motivation to combine) the ability to catalog services in a database is useful because there can 
be a record of which services are authorized and the data base can be used as an audit tool to 
determine what has happened after an attack {Gleichauf et al CoL 2 Lines 36-40). 

16.4 As regards dependent Claim 37 the Johnson reference does not expressly disclose 
configuration tables, defense tables, node tables, routing tables and password tables. 

The Gleichauf et al reference discloses configuration tables, defense tables, node 
tables, routing tables and password tables (CoL 5 Lines 8-36). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Gleichauf et al reference because 
(motivation to combine) the ability to catalog services in a database is useful because there can 
be a record of which services are authorized and the data base can be used as an audit tool to 
determine what has happened after an attack {Gleichauf et al Col 2 Lines 36-40). 

16.5 As regards dependent Claim 38 the Johnson reference does not expressly disclose 
transmitting real-time network information 

The Porras et al reference discloses real-time monitoring (Col. 3 Lines 42-54). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Porras et al reference because, 
(motivation to combine) to be able to monitor events in real-time the amount of damage fi-om a 
network intrusion can be minimized. 
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16.6 As regards dependent Claim 42 the Johnson reference does not expressly disclose 
determining which network components are involved in a specific network attack. 

The Gleichauf et al reference discloses determining which network components 
are involved in a specific network attack (Figures 6A, 6B, Col. 7 Lines 29-42). 

It would have been obvious, to one of ordinary skill in the art, at the time of the 
invention, to have modified the Johnson reference with the Gleichauf et al reference because 
(motivation to combine) different devices on a computer network have different vulnerabilities 
and it is useful to have a central database to distinguish which device is being attacked and what 
vulnerabilities are present on that specific platform {Gleichauf et al CoL 7 Lines 29-42). 

17. Independent Claim 9 and dependent Claim 39 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Gleichauf et al. U.S. Patent 6,324,656 in view of Ptacek et al. U.S. 
Patent 6,343,362 and in further view of "A GSM Simulation Platform for Intrusion 
Detection" by Didier Samfat, Veronique Devernay and Christian Bonnet hereafter referred 
to as the Samfate et al. reference and in further view of "HACKER, The Computer Crime 
Card Game", by Steve Jackson hereafter referred to as the Jackson reference. 

17.1 As regards independent Claim 9 the Gleichauf et al reference discloses a 
network configuration module (Col. 4 Lines 9-19 Figure 2, CoL 5 Lines 14-26), a computer 
implemented method of analyzing networks based on the network configuration data where the 
software includes a network vulnerabilities database where the network vulnerabilities database 
includes, a plurality of known network vulnerabilities where each network vulnerability includes 
a service to which it applies, defense conditions that might close the vulnerability, and resource 
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and state conditions needed to exercise the vulnerability, (Figures 1-5, Figure 5 ITEMS 26 and 
126, Col. 6 Lines 21-25, CoL 7 Lines 5-54). 

However, the Gleichauf et al reference does not expressly disclose a network simulation 
or a computer game. 

The Ptacek et al reference discloses a network simulation for analyzing attacks against a 
network (CoL 3 Lines 24-43). 

It would have been obvious, at the time of the invention, to have modified the Gleichauf 
et al reference with the Ptacek et al reference because, (motivation to combine) the Ptacek et 
al reference discloses a method of simulating attacks on a network and provides a means to test 
the vulnerability of an proposed network configuration against different types of attacks without 
exposing that network to an actual attack. 

The Jackson reference discloses a game (Pages 1-8). 

It would have been obvious, to one of ordinary skill in the art, to have modified the 
Gleichauf et al reference with the Jackson reference because, (motivation to combine) modeling 
a computer network and pretending to hack into that network are activities that people like to do, 
as shown in the Jackson reference (Page 1, EVTRODUCTION). 

The Gleichauf et al reference does not expressly disclose a network simulation. 

The Samfate et al reference discloses a network simulator (page 766). 

It would have been obvious, to one of ordinary skill in the art, at the time the invention 
was made, to have combined the Network vulnerability database of the Gleichauf et al 
reference with the network simulator of the Samfate et al reference because, by being able to 
exactly repeat the manner in which the network behaves as the attack takes place, software 
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counter measures can be tested, and then retested in an environment where the same conditions 
can be repeated when debugging the counter measure software (Samfate et aL page 766). 

17.2 As regards dependent Claim 39 the Gleichauf et al reference does not expressly 
disclose mission objectives, critical resource information and specific attack scenario 
information. 

The Jackson reference discloses mission objectives, critical resource information and 
specific attack scenario information, (Pages 1-8). 

It would have been obvious, to one of ordinary skill in the art, to have modified the 
Gleichauf et al reference with the Jackson reference because, (motivation to combine) modeling 
a computer network and pretending to hack into that network are activities that people like to do, 
as shown in the Jackson reference (Page 1, INTRODUCTION). 

Conclusion 

18. Claims 1-42 have been presented for reconsideration in view of Applicant's arguments. 
Claims 1-42 have been reconsidered and rejected. 

18.1 An updated review of the prior art of record in light of AppHcant's arguments has 
resuhed in new art rejections being applied, thus, this action is made NON-FINAL. 

18.2 Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Dwin M Craig whose telephone number is 703 305-7150. The 
examiner can normally be reached on 10:00 - 6:00 M-F. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kevin Teska can be reached on 703 305-9704. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published appUcations 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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